
NIST response on the weakness in the MD5, etc. digests

by dwhite20899 (Friar)
on Aug 29, 2004 at 16:31 UTC


in reply to Re^2: On showing the weakness in the MD5 digest function and getting bitten by scalar context
in thread On showing the weakness in the MD5 digest function and getting bitten by scalar context

Just for the record... yes, I work at NIST, but not in the Security division. However, I use hashes at the core of my work - http://www.nsrl.nist.gov/collision.html

The official statement is below:
http://csrc.nist.gov/
http://csrc.nist.gov/hash_standards_comments.pdf

NIST Brief Comments on Recent Cryptanalytic Attacks on Secure Hashing Functions and the Continued Security Provided by SHA-1

Cryptographic hash functions that compute a fixed size message digest from arbitrary size messages are widely used for many purposes in cryptography, including digital signatures. At the recent Crypto2004 conference, researchers announced that they had discovered a way to "break" a number of hash algorithms, including MD4, MD5, HAVAL-128, RIPEMD and the long superseded Federal Standard SHA-0 algorithm. The current Federal Information Processing Standard SHA-1 algorithm, which has been in effect since it replaced SHA-0 in 1994, was also analyzed, and a weakened variant was broken, but the full SHA-1 function was not broken and no collisions were found in SHA-1. The results presented so far on SHA-1 do not call its security into question. However, due to advances in technology, NIST plans to phase out of SHA-1 in favor of the larger and stronger hash functions (SHA-224, SHA-256, SHA-384 and SHA-512) by 2010. SHA-1 and the larger hash functions are specified in FIPS 180-2. For planning purposes by Federal agencies and others, note also that the use of other cryptographic algorithms of similar strength to SHA-1 will also be phased out in 2010.
